Module scram


SCRAM-SHA-256 authentication implementation.

This module implements the SCRAM-SHA-256 authentication mechanism as specified in RFC 5802 and RFC 7677, used by PostgreSQL for secure password authentication.

Protocol Overview

SCRAM (Salted Challenge Response Authentication Mechanism) provides:

  • Password never sent in plaintext
  • Mutual authentication (client verifies server)
  • Protection against replay attacks via nonces

Example Flow

use pgwire_replication::auth::scram::ScramClient;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let client = ScramClient::new("postgres");

    // Send to server: client.client_first.as_bytes()
    let server_first = String::new(); // received from server

    let (client_final, auth_msg, salted_pw) =
        client.client_final("password", &server_first)?;

    // Send to server: client_final.as_bytes()
    let server_final = String::new(); // received from server

    ScramClient::verify_server_final(&server_final, &salted_pw, &auth_msg)?;
    Ok(())
}
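
The server-first message consumed in the flow above is the point where the nonce protection listed in the overview is enforced on the client side. The following is an added example, not code from pgwire_replication: the type and function names and the iteration bounds are assumptions, and it shows the checks RFC 5802 requires a client to apply to `r=<nonce>,s=<salt>,i=<count>` before deriving any keys from it.

```rust
// Added example; names and bounds are hypothetical, not the pgwire_replication API.
#[derive(Debug, PartialEq)]
pub struct ServerFirst { pub nonce: String, pub salt_b64: String, pub iterations: u32 }

#[derive(Debug, PartialEq)]
pub enum ServerFirstError { UnsupportedExtension, Malformed, NonceMismatch, BadIterations }

// Assumed policy bounds: RFC 7677 advises at least 4096 iterations; the cap
// limits the PBKDF2 work a hostile server can demand from the client.
const MIN_ITERATIONS: u32 = 4096;
const MAX_ITERATIONS: u32 = 1_000_000;

/// Parse a server-first message and apply the client-side checks.
pub fn check_server_first(client_nonce: &str, msg: &str) -> Result<ServerFirst, ServerFirstError> {
    use ServerFirstError::*;
    // RFC 5802: the mandatory-extension attribute "m" must cause failure.
    if msg.starts_with("m=") { return Err(UnsupportedExtension); }
    let mut parts = msg.split(',');
    let mut field = |prefix: &str| -> Result<String, ServerFirstError> {
        parts.next().and_then(|p| p.strip_prefix(prefix)).map(str::to_owned).ok_or(Malformed)
    };
    let nonce = field("r=")?;
    let salt_b64 = field("s=")?;
    let iterations = field("i=")?.parse::<u32>().map_err(|_| BadIterations)?;
    // The combined nonce must start with the nonce this client sent and add
    // a server part; otherwise the reply does not belong to this exchange.
    if nonce.len() <= client_nonce.len() || !nonce.starts_with(client_nonce) {
        return Err(NonceMismatch);
    }
    if salt_b64.is_empty() { return Err(Malformed); }
    if !(MIN_ITERATIONS..=MAX_ITERATIONS).contains(&iterations) { return Err(BadIterations); }
    Ok(ServerFirst { nonce, salt_b64, iterations })
}

fn main() {
    // Constructed sample values, not captured from a real server.
    let client_nonce = "c1ientN0nce";
    for msg in ["r=c1ientN0nceSrvPart,s=c2FsdHNhbHQ=,i=4096", "r=otherNonce,s=c2FsdHNhbHQ=,i=4096"] {
        println!("{:?}", check_server_first(client_nonce, msg));
    }
}
```
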

Structs

ScramClient
SCRAM-SHA-256 client state.